{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9466", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-10-03T11:35:13.454Z", "datePublished": "2024-10-09T17:04:36.252Z", "dateUpdated": "2024-10-18T11:51:31.525Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Expedition", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "1.2.96", "status": "unaffected"}], "lessThan": "1.2.96", "status": "affected", "version": "1.2.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Zach Hanley (@hacks_zach) of Horizon3.ai"}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials."}], "value": "A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.2, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-10-18T11:51:31.525Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"}, {"tags": ["exploit"], "url": "https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.<br><br>The affected cleartext file will be removed automatically during the upgrade.<br><br>All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.<br><br>All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating."}], "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\n\nThe affected cleartext file will be removed automatically during the upgrade.\n\nAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\n\nAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication"}], "title": "Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks."}], "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "paloaltonetworks", "product": "expedition", "cpes": ["cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.2.0", "status": "affected", "lessThan": "1.2.96", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T17:36:02.686341Z", "id": "CVE-2024-9466", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T17:37:16.246Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9466", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-10T17:36:02.686341Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "expedition", "versions": [{"status": "affected", "version": "1.2.0", "lessThan": "1.2.96", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T17:37:07.059Z"}}], "cna": {"title": "Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Zach Hanley (@hacks_zach) of Horizon3.ai"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "Expedition", "versions": [{"status": "affected", "changes": [{"at": "1.2.96", "status": "unaffected"}], "version": "1.2.0", "lessThan": "1.2.96", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\n\nThe affected cleartext file will be removed automatically during the upgrade.\n\nAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\n\nAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.", "supportingMedia": [{"type": "text/html", "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.<br><br>The affected cleartext file will be removed automatically during the upgrade.<br><br>All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.<br><br>All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.", "base64": false}]}], "datePublic": "2024-10-09T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010", "tags": ["vendor-advisory"]}, {"url": "https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/", "tags": ["exploit"]}], "workarounds": [{"lang": "en", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.", "supportingMedia": [{"type": "text/html", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.", "supportingMedia": [{"type": "text/html", "value": "A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-10-18T11:51:31.525Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9466", "state": "PUBLISHED", "dateUpdated": "2024-10-18T11:51:31.525Z", "dateReserved": "2024-10-03T11:35:13.454Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-10-09T17:04:36.252Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*", "matchCriteriaId": "13E7A504-08F4-40E4-9FF5-A707DAF6708A", "versionEndExcluding": "1.2.96", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials."}, {"lang": "es", "value": "Una vulnerabilidad de almacenamiento de texto plano de informaci\u00f3n confidencial en Palo Alto Networks Expedition permite a un atacante autenticado revelar nombres de usuario, contrase\u00f1as y claves API del firewall generadas con esas credenciales."}], "id": "CVE-2024-9466", "lastModified": "2024-10-17T06:15:04.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "HIGH", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-10-09T17:15:20.400", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"}, {"source": "psirt@paloaltonetworks.com", "url": "https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}